Cisco Event Response: Microsoft Security Bulletin Release for January 2013

January 8. 2013

Microsoft published its monthly security bulletin release on January 8, 2013. Microsoft released seven bulletins that addressed 12 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft XML Core Services, Microsoft .NET, and Microsoft System Operations Manager. The vulnerabilities could allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, gain access to sensitive information, bypass security controls, cause a denial of service condition, or gain elevated privileges.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin	Cisco IntelliShield Alert	CVE ID	Cisco Mitigations	CVSS Base Score
Microsoft Security Bulletin MS13-001 Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution	Microsoft Windows Print Spooler Arbitrary Code Execution Vulnerability	CVE-2013-0011	–	10.0
Microsoft Security Bulletin MS13-002 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution	Microsoft XML Core Services Memory Corruption Arbitrary Code Execution Vulnerability	CVE-2013-0006	–	9.3
	Microsoft XML Core Services Memory Corruption Vulnerability	CVE-2013-0007	Cisco IPS Signature 1794-0, Cisco Security Managr	9.3
Microsoft Security Bulletin MS13-003 Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege	Microsoft System Center Operations Manager Web-Based Administration Console Cross-Site Scripting Vulnerability	CVE-2013-0009	–	4.3
	Microsoft System Center Operations Manager Web-Based Administration Console Cross-Site Scripting Vulnerability	CVE-2013-0010	Cisco IPS Signature 1790-0, Cisco Security Manager	4.3
Microsoft Security Bulletin MS13-004 Vulnerability in .NET Framework Could Allow Elevation of Privilege	Microsoft .NET Framework Memory Pointer Handling Information Disclosure Vulnerability	CVE-2013-0001	–	4.3
	Microsoft .NET Framework Windows Forms Processing Buffer Overflow Vulnerability	CVE-2013-0002	–	9.3
	Microsoft .NET Framework System.DirectoryServices.Protocols Buffer Overflow Vulnerability	CVE-2013-0003	Cisco ASA/ASA-SM/FWSM, Cisco Security Manager	9.3
	Microsoft .NET Framework Memory Object Permission Handling Arbitrary Code Execution Vulnerability	CVE-2013-0004	–	9.3
Microsoft Security Bulletin MS13-005 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege	Microsoft Windows win32k Kernel Driver Message Handling Privilege Escalation Vulnerability	CVE-2013-0008	–	6.8
Microsoft Security Bulletin MS13-006 Vulnerability in Microsoft Windows Could Allow Security Feature Bypass	Microsoft Windows SSL Downgrade Vulnerability	CVE-2013-0013	–	4.3
Microsoft Security Bulletin MS13-007 Vulnerability in OData Services Could Allow Denial of Service	Microsoft .NET Framework OData WCF Replace Function Input Processing Denial of Service Vulnerability	CVE-2013-0005	Cisco IPS Signature 1793-0, Cisco Security Manager	4.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures; Cisco ACE Application Control Engine and Module; and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for January 2013

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.